WARNING! Scammers are using Facebook targeting tool to steal accounts

Published January 8, 2021, 7:24 AM

by Art Samaniego

The large-scale phishing campaign run by cybercriminals amid the pandemic was a huge success: it harvested more than six hundred thousand Facebook credentials from Nepal, Egypt, the Philippines, and other countries. Early this month, ThreatNix, a group of security professionals that provides cybersecurity solutions, published a report showing more than fifteen thousand compromised Facebook PH accounts in this phishing campaign.

ThreatNix published a report that shows more than fifteen thousand compromised Facebook PH accounts in this phishing campaign. (Photo from threatnix.io)

Ad sales are the primary source of Facebook’s revenue, and because of the sudden shift to online commerce by many retailers during the Covid-19 pandemic, demand for ad placements on Facebook has increased tremendously. But even before the health crisis, Facebook made it a point to make things convenient and productive for advertisers by providing tools with a wide range of targeting options to get maximum results from their placements. One of these tools is called Facebook Audience. With more than one billion daily active users, the social media giant recognizes that it is critical for advertisers to show paid posts only to those who are most likely to engage with them. Showing an ad to any user who is not likely to engage with it is a waste of advertising money. Using the Audience Manager tool, advertisers can easily identify Facebook users who would potentially click or engage with their ads. This same tool that assures reach and engagement for ads placed on the FB platform was exploited by cybercriminals to get the same results, this time for clicks on phishing links, tricking gullible users into engaging with the FB paid posts. Once users typed their credentials into the fake login page and clicked submit or sign in, those credentials were saved and sent to the scammers.

To make the malicious FB ads more believable, the scammers used the pictures and profiles of credible people and big Philippine organizations, and even Facebook Messenger itself, all of which the social media giant allowed to run as sponsored or paid ads.

Checking the Facebook advertising policy, where the social media company lists prohibited content, you would see that these types of ads are not considered misinformation or deceitful practices. For Facebook, an ad is only considered misinformation if its claims are debunked by its third-party fact checkers, or if it includes misinformation about vaccines as identified and verified by global health organizations such as the World Health Organization. Deceitful practices, one of the prohibited content categories in the Facebook Advertising Policy, only covers products or services that are “designed to enable a user to engage in cheating or deceitful practices.”

These types of ads, however, clearly violate at least two items of prohibited content in the FB advertising policy: 1) spyware or malware, and 2) unacceptable business practices. Why these ads keep appearing on your FB wall is, however, not a mystery. If you happen to see one of these scam ads, the word “sponsored” appears just below the name of the group or individual who posted it. Sponsored means someone paid Facebook so that you would see the post and have it appear on your timeline. The scammers used FB ad features, paying Facebook for the targeting information that tells them who would most likely click the ad.

Below are some examples of the ad:

This ad targets FB users who are 40 years old and below, speak English, and are located in the Philippines.
This ad, using photos of Finance Secretary Carlos Dominguez, targets users who are above 45 years old, speak English, and are located in the Philippines.
This amazingly believable scam ad targets Smart subscribers. The only giveaway is the accented letter “o” in the word “Communications”. Once clicked, it opens a fake FB login page.
A Facebook ad leads to a bank’s login page; if users are not careful, they would believe this is a legitimate Metrobank login page. It is a fake page that steals your login credentials.
This fake FB login page pops up when you click ads about fake promos and giveaways. To get the giveaway or promo, you need to verify your age by giving your login details. Samsung and Huawei are not selling old phones for PhP5.00; this is a Facebook-supported scam that aims to steal your login details.
This fake Facebook login page appears when users click a sponsored FB ad. Always check the URL. It could steal your login credentials.

Scammers have increased the scope of their targeting strategy. The bad guys are now aggressively targeting people in a category called Facebook Page admins. If you are an admin of at least one page, FB has automatically added you to this category. The targeted age range has also changed, now covering almost every FB page admin.

What to do?

Facebook as a social media platform is full of sponsored posts: posts paid for by advertisers to appear on your wall. There is nothing wrong with this if the ad offers real products or services. The problem is that Facebook also allows scammers to ply their trade on the platform, making it dangerous for ordinary users.

Never trust an ad on Facebook. Always check the spelling and look for the slightest alteration; if there is one, block it. Click the three-dot button at the upper right side of the ad and report it to FB. Always check the website address of the page if you happen to click the link. If it is not the official link of the bank or the company the ad is pushing, don’t proceed.
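The two checks this article recommends, spotting an accented lookalike letter such as the “ó” in “Communications” and comparing the link’s address against the official one, can be automated. The following is an added example, not code from the article or from Facebook, and the allowlist of official hostnames is a constructed placeholder; it flags non-ASCII or punycode hostnames and strips accents so a lookalike domain is matched against the real one.

```python
import unicodedata
from typing import List
from urllib.parse import urlsplit

# Constructed allowlist of official hostnames (placeholder values for the example).
OFFICIAL_HOSTS = {"facebook.com", "bank.example"}


def skeleton(host: str) -> str:
    """Remove accents so 'communicatións' compares equal to 'communications'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def decode_idna(host: str) -> str:
    """Turn a punycode hostname (xn--...) back into its Unicode form."""
    try:
        return host.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        return host


def is_official(host: str) -> bool:
    """True if host is an official domain or a subdomain of one."""
    return any(host == o or host.endswith("." + o) for o in OFFICIAL_HOSTS)


def check_link(url: str) -> List[str]:
    """Return the reasons a link looks unsafe; an empty list means it passed."""
    reasons = []
    host = urlsplit(url).hostname or ""  # hostname is already lowercased
    if not host:
        return ["no hostname in URL"]
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("hostname is punycode-encoded: " + host)
        host = decode_idna(host)
    if any(ord(c) > 127 for c in host):
        reasons.append("hostname contains non-ASCII characters: " + host)
    if is_official(host):
        return reasons
    plain = skeleton(host)
    if is_official(plain):
        # Accent-stripped form matches an official domain: a homoglyph lookalike.
        reasons.append("hostname is a lookalike of official domain: " + plain)
    else:
        # Covers tricks such as facebook.com.<something-else>.example.
        reasons.append("hostname is not an official domain: " + host)
    return reasons
```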

Cybersecurity risk is the other pandemic. Scammers are the other deadly virus. Again, friends, think before you click. The number of scam victims has increased exponentially since March 2020 compared to the same period last year. Facebook will not ban these scam ads; it’s a business. Educate yourself, your family, and your friends. We need to watch our own backs if and when we decide to go inside that digital jungle called social media. It’s always safe to #BeFullyInformed.